OpenVPN 3 Core Library
openvpn::DataChannelEpoch Class Reference

#include <data_epoch.hpp>


Public Member Functions

void iterate_send_key ()
 
uint16_t get_future_keys_count ()
 
bool should_renegotiate ()
 
 DataChannelEpoch ()=default
 
 DataChannelEpoch (decltype(cipher) cipher, openvpn::StaticKey e1send, openvpn::StaticKey e1recv, SSLLib::Ctx libctx=nullptr, uint16_t future_key_count=16)
 
void replace_update_recv_key (std::uint16_t new_epoch, const SessionStats::Ptr &stats_arg)
 
void check_send_iterate ()
 
EpochDataChannelDecryptContext * lookup_decrypt_key (uint16_t epoch)
 
EpochDataChannelEncryptContext & encrypt ()
 

Protected Member Functions

void generate_future_receive_keys ()
 
void generate_encrypt_ctx ()
 

Protected Attributes

openvpn::CryptoAlgs::Type cipher
 
SSLLib::Ctx libctx
 
uint16_t future_keys_count
 
EpochDataChannelEncryptContext encrypt_ctx {}
 
EpochDataChannelDecryptContext decrypt_ctx {}
 
EpochDataChannelDecryptContext retiring_decrypt_ctx {}
 
std::vector< EpochDataChannelDecryptContext > future_keys
 
EpochKey send {}
 
EpochKey receive {}
 

Detailed Description

Definition at line 141 of file data_epoch.hpp.

Constructor & Destructor Documentation

◆ DataChannelEpoch() [1/2]

openvpn::DataChannelEpoch::DataChannelEpoch ( )
default

◆ DataChannelEpoch() [2/2]

openvpn::DataChannelEpoch::DataChannelEpoch ( decltype(cipher)  cipher,
openvpn::StaticKey  e1send,
openvpn::StaticKey  e1recv,
SSLLib::Ctx  libctx = nullptr,
uint16_t  future_key_count = 16 
)

Definition at line 209 of file data_epoch.cpp.

Member Function Documentation

◆ check_send_iterate()

void openvpn::DataChannelEpoch::check_send_iterate ( )

Checks whether the send epoch needs to be iterated and updates the encryption context if needed.

Definition at line 331 of file data_epoch.cpp.


◆ encrypt()

EpochDataChannelEncryptContext & openvpn::DataChannelEpoch::encrypt ( )
inline

Return the context that should be used to encrypt packets

Definition at line 221 of file data_epoch.hpp.


◆ generate_encrypt_ctx()

void openvpn::DataChannelEpoch::generate_encrypt_ctx ( )
protected

Definition at line 229 of file data_epoch.cpp.


◆ generate_future_receive_keys()

void openvpn::DataChannelEpoch::generate_future_receive_keys ( )
protected

Definition at line 165 of file data_epoch.cpp.


◆ get_future_keys_count()

uint16_t openvpn::DataChannelEpoch::get_future_keys_count ( )
inline

Returns the number of future receive keys that this will consider as valid candidates for decryption

Definition at line 185 of file data_epoch.hpp.

◆ iterate_send_key()

void openvpn::DataChannelEpoch::iterate_send_key ( )

Forces the use of a new epoch key for sending

Definition at line 220 of file data_epoch.cpp.


◆ lookup_decrypt_key()

openvpn::EpochDataChannelDecryptContext * openvpn::DataChannelEpoch::lookup_decrypt_key ( uint16_t  epoch)

Using an epoch, this function will try to retrieve a decryption key context that matches that epoch from the opt argument

Parameters
epoch  epoch of the key to look up
Returns
the key context with

Definition at line 285 of file data_epoch.cpp.
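
The following is an added example, not code from the OpenVPN 3 Core Library: a simplified model of how a receiver can map a packet's epoch to the current, retiring or a pre-computed future key slot and reject everything else. `RecvEpochWindow`, `Slot`, `lookup` and `promote` are hypothetical names; the window arithmetic and the use of epoch 0 as "no retiring key" are assumptions, and no keys are derived.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

enum class Slot { Current, Retiring, Future, Rejected };

struct Lookup {
    Slot slot;
    std::size_t future_index; // meaningful only when slot == Slot::Future
};

// Models the roles of decrypt_ctx, retiring_decrypt_ctx and future_keys.
class RecvEpochWindow {
  public:
    explicit RecvEpochWindow(std::uint16_t first_epoch, std::uint16_t future_count = 16)
        : current_(first_epoch), future_count_(future_count) {}

    // Select the key slot for a received epoch; stale or far-future epochs
    // are rejected, which bounds the keys a packet can make us try.
    Lookup lookup(std::uint16_t epoch) const {
        if (epoch == current_)
            return {Slot::Current, 0};
        if (retiring_ != 0 && epoch == retiring_)
            return {Slot::Retiring, 0};
        // Widen before subtracting so the bounds check cannot wrap at 65535.
        const std::uint32_t e = epoch, cur = current_;
        if (e > cur && e - cur <= future_count_)
            return {Slot::Future, static_cast<std::size_t>(e - cur - 1)};
        return {Slot::Rejected, 0};
    }

    // Models the effect of moving the receive key forward after a packet
    // under a future epoch authenticated: the old current key retires.
    bool promote(std::uint16_t new_epoch) {
        if (lookup(new_epoch).slot != Slot::Future)
            return false;
        retiring_ = current_;
        current_ = new_epoch;
        return true;
    }

  private:
    std::uint16_t current_;
    std::uint16_t retiring_ = 0; // assumption: 0 means no retiring key yet
    std::uint16_t future_count_;
};

int main() {
    RecvEpochWindow w(1);
    w.promote(5);
    std::printf("epoch 1 -> %d, epoch 22 -> %d\n",
                static_cast<int>(w.lookup(1).slot), static_cast<int>(w.lookup(22).slot));
    return 0;
}
```

In this model an epoch between the retiring and the current one (here 2 to 4 after promoting to 5) is rejected, since only one retiring key is kept.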


◆ replace_update_recv_key()

void openvpn::DataChannelEpoch::replace_update_recv_key ( std::uint16_t  new_epoch,
const SessionStats::Ptr &  stats_arg 
)

Definition at line 235 of file data_epoch.cpp.


◆ should_renegotiate()

bool openvpn::DataChannelEpoch::should_renegotiate ( )
inline

Check if the VPN session should be renegotiated to generate new epoch send/receive keys

Definition at line 194 of file data_epoch.hpp.


Member Data Documentation

◆ cipher

openvpn::CryptoAlgs::Type openvpn::DataChannelEpoch::cipher
protected

Cipher to use to generate the keys

Definition at line 145 of file data_epoch.hpp.

◆ decrypt_ctx

EpochDataChannelDecryptContext openvpn::DataChannelEpoch::decrypt_ctx {}
protected

Definition at line 157 of file data_epoch.hpp.

◆ encrypt_ctx

EpochDataChannelEncryptContext openvpn::DataChannelEpoch::encrypt_ctx {}
protected

Definition at line 155 of file data_epoch.hpp.

◆ future_keys

std::vector<EpochDataChannelDecryptContext> openvpn::DataChannelEpoch::future_keys
protected

Definition at line 162 of file data_epoch.hpp.

◆ future_keys_count

uint16_t openvpn::DataChannelEpoch::future_keys_count
protected

Usage limit (q+s) for plaintext blocks + number of invocations. The number of future receive keys that we calculate in advance.

Definition at line 153 of file data_epoch.hpp.

◆ libctx

SSLLib::Ctx openvpn::DataChannelEpoch::libctx
protected

TLS library context to initialise the ciphers

Definition at line 148 of file data_epoch.hpp.

◆ receive

EpochKey openvpn::DataChannelEpoch::receive {}
protected

The key used to generate the last receive data channel keys

Definition at line 169 of file data_epoch.hpp.

◆ retiring_decrypt_ctx

EpochDataChannelDecryptContext openvpn::DataChannelEpoch::retiring_decrypt_ctx {}
protected

Definition at line 159 of file data_epoch.hpp.

◆ send

EpochKey openvpn::DataChannelEpoch::send {}
protected

The key used to generate the last send data channel keys

Definition at line 166 of file data_epoch.hpp.


The documentation for this class was generated from the following files: